<?php
namespace app\http\middleware;

use think\Request;
//跨域中间件
class CrossDomain
{
    public function handle(Request $request, \Closure $next)
    {
        //设置编码
        header("Content-type:application/json;charset=utf-8");
        //允许cookie
        header('Access-Control-Allow-Credentials: false');
        header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
        header('Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept,Authorization');
        //指定预检请求的有效期48h
        header('Access-Control-Max-Age: 1728000');
        if (strtoupper($request->method()) == "OPTIONS") {
            header('Access-Control-Allow-Origin: *');
            return response();
        }
        $confCheck = config('check.');
        if($confCheck['is_whitelist'] && !empty($confCheck['whitelist'])){
            $requestList = [$request->ip(),$request->host(),$request->domain(),$request->url(true),$request->rootDomain(),$request->header('host')];
            if(empty(array_intersect($confCheck['whitelist'],$requestList))){
                return response()->code(403);
            }
        }
        return $next($request);
    }
}
